Comments on: Upgrade Flash and Turn Off Acrobat, NOW!

By: Robert

Robert — Fri, 20 Mar 2009 23:11:38 +0000

I hate to sound like a sponsor of Adobe but I just can’t see the comparison between them and MS. I don’t know how long these vulnerabilities have been with Flash and Acrobat but I do know that Adobe was quick to point it out in relationship to MS. Let’s face it MS refuses to make a decent browser, causing programmers to hack their work just to get their sites to run on EX 6 and 7 and now I hear 8 isn’t much better. At least Adobe puts out products that work and yes they have bugs but at least there is a place to report them and track the status. So to say that Adobe would intentionally distribute software that would compromise your data is going a little too far. Yes Adobe and other IT companies are in the business to make money but some do try harder than most to make a reliable product.

By: Rava

Rava — Mon, 09 Mar 2009 14:36:17 +0000

Once again a huge IT company (just like Microsucks, sorry for the lame pun, but you know it’s true) shows their unwillingness and inability to give secure software to the users and it’s again one of the small next door hackers like Giorgio Maone aka NoScript that gives the even free solution.
Seems when only gaining money and the business chart is important, the danger and possible risk for thousands or millions of users won’t really be a matter.
Shame on Adobe, Microsuck and all these perverted companies risking user’s data security to make more dirty bucks.

By: Tom T.

Tom T. — Wed, 04 Mar 2009 06:39:06 +0000

@Morgan Storey:

Yes, I should have mentioned that if you get v3.02 or earlier (Nov 07, I think), the nag screen is only a small one that can be deleted instantly without even a click — just hit Enter (OK is highlighted.) I’ve avoided updates for that reason.

I use DropMyRights also, but it’s not as restrictive as SB. I believe it strips only admin privilege, so you are left with "user" privilege, which is a higher level than "guest". (Of course, I could be mistaken.) DMR will still allow any changes to your system or files that can be done without admin privilege. It’s definitely a help, but SB *is* in effect that VM you mentioned, but in a much lighter wrapping. I have three Fx shortcuts: to an admin-privilege, a DMR-privilege, and a Sandboxed one. Pretty much use SB exclusively these days.

Note that older versions are available from the developer’s page (nice touch — wish everyone did that). Go to 3w.sandboxie com/index dot php?OldVersions and try 3.02. Cheers!

By: Anon

Anon — Mon, 02 Mar 2009 04:52:42 +0000

Just upgraded to the latest flash (10.0.22.87) and had my Firefox 3.0.6 crash for the first time since October 2008.

The previous version of Flash 10 had no stability problems.

By: Morgan Storey

Morgan Storey — Sun, 01 Mar 2009 11:26:34 +0000

I had a look at sandboxie and thought it was pretty good, but I didn’t like the nag screen. I found MS actually had "drop my rights" just a small exe that you use to call your program, in this case firefox, IE, or outlook (though outlooks plugins don’t wsork). It effectively runs the program with guest privledges, so very little.
Of course if it seems dodgier that usual I will fire up a VM and browse in there, then revert to a previous snapshot.

By: Basti

Basti — Fri, 27 Feb 2009 18:38:10 +0000

MattJ:

It has been said. "Never open attachments if you receive some without asking for them. If it’s PDF it’s OK, those files are clean."

Who said that??

I didn’t quote anyone special, but several security experts considered PDF as safer as video files or images/pictures. This was the case as long as there wasn’t an exploit. No file that can trigger an error, no security problem. No bullets that hit your body, no armor is needed. That does not mean that it would be safer…

By: Tom T.

Tom T. — Fri, 27 Feb 2009 12:46:15 +0000

@Giorgio: As I’ve posted before, I do almost all web browsing with Fx and NS running inside Sandboxie. (sandboxie point kom, free but nag) From what I’ve read, it really should prevent major damage from exploits like these and any others yet to be discovered. The exploit gives the attacker the same privileges as the user, which is "none": Nothing done inside the sandbox can affect anything outside it (like your hard drive, system files, data files, or anything else).

We all know that you’re very overloaded at the moment, but *some day*, could you please check out Sandboxie and verify or deny the developer’s claims? It would be an additional level of protection, not a replacement for NS (nothing is :-), and perhaps the only way to view *any* Flash safely, since trusted sites can become compromised. Layered protection, and a powerful combination. Thanks!

By: Tom T.

Tom T. — Fri, 27 Feb 2009 11:57:16 +0000

I got rid of Acrobat reader when it swelled from 40 MB (5.0) to 167 MB (8.0( to 345 MB (9.0). Figured if all I wanted to do was open pdfs, why did I need whatever was swelling it? Got Foxit 2.0 Reader from 3w dott foxitsoftware dott calm (freeware, no nag). Total ProgFiles folder is less than 4 MB, i.e., two full orders of magnitude less than Adobloat. And has *no* JavaScript reader. So am I vulnerable to this pdf attack? Check it out…

BTW, Foxit added the "feature" of JS in 2.1 and later (I think). You should be able to find the older one, perhaps at oldversion daht comm or search for it.

By: MattJ

MattJ — Thu, 26 Feb 2009 21:09:53 +0000

Basti says:

It has been said. "Never open attachments if you receive some without asking for them. If it’s PDF it’s OK, those files are clean."

Who said that?? You were right, after all: that IS wrong. Just because it is PDF is no guarantee it is ‘clean’.

By: 4.6.0.241 for the Bold in the Wild… | BlackBerry Hack

4.6.0.241 for the Bold in the Wild… | BlackBerry Hack — Thu, 26 Feb 2009 16:55:08 +0000

[…] hackademix.net » Upgrade Flash and Turn Off Acrobat, NOW! […]